vBulletin - Cross Site Script Redirection
Versions Affected: 3.8.4 / 3.7.6 / 3.6.12
Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1
Info: An XSS flaw within the user profile page has recently been discovered.
This could allow an attacker to carry out an action as a user or obtain
access to a user's account. To resolve this issue, it has been necessary to
release a patch level version of the active versions of vBulletin.
The upgrade process is the same as previous patch level releases - simply
download the patch from the Members Area, extract the files and upload to
your webserver, overwriting the existing files. There is no upgrade script
required.
As with all security-based releases, we recommend that all customers
upgrade as soon as possible in order to prevent any potential damage
resulting from the flaw being exploited.
Credits: The original finder of the security hole. (Jelsoft?)
Rese
...
Read more »